Kyverno policy fails when Loki HelmRelease doesn't exist during loki-secrets creation
The reconcile-loki-helmrelease Kyverno policy is failing with the error:
results:
- message: ': helmreleases.helm.toolkit.fluxcd.io "loki" not found'
  policy: reconcile-loki-helmrelease
  result: error
  rule: reconcile-loki-helmrelease
  scored: true
  source: kyverno
  timestamp:
    nanos: 0
    seconds: 1756300256
see: https://gitlab.com/sylva-projects/sylva-core/-/jobs/11155518164
This occurs when the loki-secrets Secret is created/updated before the loki HelmRelease exists, which can happen during initial cluster bootstrap, because of the dependencies that we are setting.
The loki-credentials-secret unit is generating the loki-secrets Secret before the loki HelmRelease. The reconcile-loki-helmrelease policy triggers on loki-secrets creation/update. The policy attempts to mutate the loki HelmRelease with reconciliation annotations, but it fails because the HelmRelease doesn't exist yet.
The policy has to be updated with proper preconditions to check for the HelmRelease existence.
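
One way such a precondition could look, as an added example that is not the sylva-core policy: a Kyverno context API call counts HelmReleases named loki, and the rule is skipped when the count is zero. The HelmRelease API version (v2), the use of the Secret's namespace for the lookup, and the annotation key are assumptions.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: reconcile-loki-helmrelease
spec:
  rules:
  - name: reconcile-loki-helmrelease
    match:
      any:
      - resources:
          kinds:
          - Secret
          names:
          - loki-secrets
    context:
    # Count HelmReleases named "loki" in the Secret's namespace.
    # Assumption: HelmRelease is served at helm.toolkit.fluxcd.io/v2 and
    # lives in the same namespace as loki-secrets.
    - name: lokiHelmReleaseCount
      apiCall:
        urlPath: "/apis/helm.toolkit.fluxcd.io/v2/namespaces/{{ request.object.metadata.namespace }}/helmreleases"
        jmesPath: "items[?metadata.name == 'loki'] | length(@)"
    preconditions:
      all:
      # Skip the rule (instead of erroring) while the HelmRelease is absent,
      # e.g. during initial cluster bootstrap.
      - key: "{{ lokiHelmReleaseCount }}"
        operator: GreaterThan
        value: 0
    mutate:
      targets:
      - apiVersion: helm.toolkit.fluxcd.io/v2
        kind: HelmRelease
        name: loki
        namespace: "{{ request.object.metadata.namespace }}"
      patchStrategicMerge:
        metadata:
          annotations:
            # Assumption: the "reconciliation annotation" is Flux's
            # requestedAt trigger; the real policy may set a different key.
            reconcile.fluxcd.io/requestedAt: "{{ time_now_utc() }}"
```

The Kyverno service accounts need RBAC permission to list HelmReleases for the context API call to succeed.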